package com.im.web.credentials;

import java.util.concurrent.atomic.AtomicInteger;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;

public class RetryLimitHashedCredentialsMatcher extends HashedCredentialsMatcher {
	private Cache<String, AtomicInteger> passwordRetryCache;  
	  
    public RetryLimitHashedCredentialsMatcher(CacheManager cacheManager) {  
        passwordRetryCache = cacheManager.getCache("passwordRetryCache");  
    }  
  
    @Override  
    public boolean doCredentialsMatch(AuthenticationToken token,  
            AuthenticationInfo info) {  
        String username = (String) token.getPrincipal();  
        // retry count + 1  
        AtomicInteger retryCount = passwordRetryCache.get(username);  
        if (retryCount == null) {  
            retryCount = new AtomicInteger(0);  
            passwordRetryCache.put(username, retryCount);  
        }  
        // 被锁定的状态
        if(retryCount.intValue() > 5) {
        	throw new LockedAccountException("此账号已经被锁定");
        }
        
        if (retryCount.incrementAndGet() > 5) {  
            // if retry count > 5 throw  
            throw new ExcessiveAttemptsException("密码错误次数已超过5次，暂时限制登陆");
        }  
  
        boolean matches = super.doCredentialsMatch(token, info);  
        if (matches) {  
            // clear retry count  
            passwordRetryCache.remove(username);  
        }  
        return matches;  
    } 
}
